If this is really secret (as defined by the government) then you have made your first mistake by putting this data onto a laptop and taking it out of a secure building.

Likewise, if this is gov, then in the UK and the US your local infosec team will be on hand to give you guidance.

If this is just sensitive commercial-grade stuff, however, then start with good full disk encryption. Others here have already pointed you at a few products, so use these to secure the laptop whilst it is at rest.

This now means that even if your laptop is stolen, they can't just boot the thing up, and even if they put the hard disk into a different machine, they still need to spend time breaking the encryption before they gain access.

And finally, if this is really SECRET, fill the RJ45 ethernet port with some sort of epoxy resin to avoid the urge to plug it into an insecure network such as a college LAN or even the internet.

In addition to what NetworkGuy has already said, do note that the majority of attacks against strong encryption do not occur against the algorithm itself, but against other vulnerabilities. In other words, why crack the encryption when a simple rootkit, trojan or vulnerability exploit can render your data compromised? Your connection to the Internet is your biggest threat. If the data you are trying to protect is as important as you make it out to be, take the advice of others from this posting and get guidance from industry-level security professionals. Online postings can only help you so much, and the risk of misconfiguration in the security realm is incredibly high if you are not a seasoned professional.

First of all, as networkguy mentioned, these data should never be out of the premises in the first place...

Anyway... let's give it a shot.

1-First of all, encryption. Use PGP or another encryption program capable of providing a 1024-bit RSA key.

Take your keys now, created by PGP, and store them on a USB stick which should be kept in a different place from your notebook. Without those keys, the data is useless even to a physical attack.

2-Hide them. Use a security suite like Steganos and create a virtual drive with full encryption provided by the software. The complexity of getting the files cracked should reach its maximum if you consider that you have first used PGP, then Steganos, and then hidden them all together in a file (virtual drive) which opens only with a very strong alphanumeric password. Not to mention that you need to have the USB stick with the keys for the PGP program.

3-On top of all that you can use a biometric fingerprint USB device that will ask for the password and match it with your fingerprint.

So no matter if the attacker steals your notebook (which should be insured), he will never crack the procedure, because he will be missing 3 things:

the USB stick and keys of PGP, the password for Steganos, and your fingerprint along with the local password of your account. Even from a physical point of view, if he tries to "read" the HDD with another device/system he will get an encrypted file with 1024-bit RSA encryption (PGP) multiplied by the encryption strength of Steganos Security.

I do not have to mention, though, that this case is valid and easy to use only if the data you are referring to are not more than 500MB. Otherwise it might take you a period of 10-20 mins to encrypt/decrypt those files every time.

Online postings can only help you so much, and the risk of misconfiguration in the security realm is incredibly high if you are not a seasoned professional.

Good point. What I always ask people is "do you want The Sun Test?" <insert your biggest-selling newspaper here!>. Meaning, if you fook up, do you want your face on the front page of a newspaper saying "this was the guy that lost 45.7 million credit card details... leaked the personal details of 40,00 veterans, lost a billion pound order because tender documents were lost..., etc." <add your own headline in here!>

When it comes to full hard drive encryption, one is always wary that corruption will make the data unusable. Of course, this corruption would happen at the worst time (company meeting, conference). So for me, it's not just a question of security against data loss (via theft). It also has to do with reliable data access once these security measures are in place. So, I like the suggestions given, including Gandalf's meshing of them. Could someone bottom-line the data access reliability factor?

In response to the original post, I'd say that a layered security approach that is commensurate with the level of risk is entirely appropriate. A reasonable (rather than paranoid) approach to security is appropriate in most environments. First, it's good to divide security in terms of the computer being "live" as well as the computer (and data) being "at rest." Let's start w/ the first.

While the computer is on, you could face a variety of potential data-breaching scenarios. If you surf the web with your laptop, a single piece of malware on a rogue (or even legitimate) web site could render your machine owned (breached). At that point, you *might* have a data breach (or, your machine might simply be used as a spambot, not that that's a good thing). Regardless, being proactive is key to protecting your data. I won't regurgitate the "top 10 security tips" lists that are out there and readily available, but I'll say that 2 bafflingly seldom-mentioned suggestions are as follows:
* use a limited user account for daily computer use
* turn on DEP for all progs/services, and verify that your hardware supports marking pages in memory as "no execute" (NX, aka XD)

Logging in as a limited user will reduce your security "surface area" in the event that malware executes within the security context of your login. Regarding DEP, I strongly recommend using hardware that supports it. If your machine does not, then you could consider upgrading (i.e., purchasing) a new machine.

Now, in regards to data that is "at rest," I like the idea of FDE (full disk encryption). FDE encrypts everything on the disk, sector by sector, excluding necessary startup code residing in the MBR (master boot record). The idea of FDE is that, if someone steals your computer and attempts to read data directly off the disk, that data will all be encrypted and nearly impossible to access.

Given the availability of EFS (encrypting file system) in the "professional" or "business" edition of Windows, why not just use EFS? EFS is certainly an option, but non-Vista versions of Windows cannot encrypt the paging files, and confidential files might appear in unencrypted form in the %temp% directory. One solution to both problems would be to 1) encrypt the %temp% folder & sub-folders (in addition to your "documents" directories or wherever your secret files reside) and to 2) not use paging at all (assuming you have a liberal amount of physical memory). Again, with FDE this is not an issue, since file fragments, paging files and temp files are all encrypted anyway; furthermore, FDE is more "thorough" in that literally everything (well, almost) is encrypted. So for the paranoid, FDE is a better route, but for the merely "security conscious" individual, EFS might be an acceptable solution.

Again, I'll skip the "top 10" lists that recommend such obvious suggestions as to use a firewall (that actually works), use AV, be judicious in your downloads, and so forth. I will say that, on a final note, good security is layered, such that if a breach occurs, the bad guy will not immediately have full access to your data, but will instead have to undergo at least one or two more hurdles.
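The four concrete recommendations in the post above (limited user account, DEP for everything, EFS on the %temp% and documents folders or no paging at all, and FDE for data at rest) can each be checked from the machine itself. The following audit script is an added example and is not code from any poster in this thread. It assumes Windows 10/11 with PowerShell 5.1 or later; the thread talks about FDE generically, so using BitLocker (and its built-in `Get-BitLockerVolume` cmdlet) as the FDE implementation is this example's own assumption, and that one check needs an elevated prompt. Everything else runs as a limited user.

```powershell
# Added example (not from any poster in this thread): audit a Windows laptop
# against the "live" and "at rest" recommendations above.
# Assumptions: Windows 10/11, PowerShell 5.1+, BitLocker as the FDE product.

function Test-LimitedUser {
    # True when the current session is NOT running with administrator rights,
    # i.e. the "limited user account for daily use" recommendation is met.
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    -not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
}

function Get-DepStatus {
    # Win32_OperatingSystem exposes the system-wide DEP policy:
    # 0 = AlwaysOff, 1 = AlwaysOn, 2 = OptIn (Windows default), 3 = OptOut.
    # "DEP for all progs/services" corresponds to AlwaysOn.
    $os = Get-CimInstance -ClassName Win32_OperatingSystem
    [pscustomobject]@{
        HardwareNxAvailable = $os.DataExecutionPrevention_Available
        Policy              = @('AlwaysOff','AlwaysOn','OptIn','OptOut')[$os.DataExecutionPrevention_SupportPolicy]
    }
}

function Test-EfsEncrypted {
    param([string]$Path)
    # EFS-protected files and folders carry the Encrypted file attribute.
    $attrs = (Get-Item -LiteralPath $Path -Force).Attributes
    [bool]($attrs -band [IO.FileAttributes]::Encrypted)
}

function Get-PagefileNames {
    # An empty result means no pagefile is in use (the "no paging at all" option).
    @(Get-CimInstance -ClassName Win32_PageFileUsage | Select-Object -ExpandProperty Name)
}

function Get-SystemDriveFde {
    # BitLocker used as the FDE implementation (assumption, see lead-in).
    # Get-BitLockerVolume needs elevation, so report "unknown" instead of failing.
    try {
        $vol = Get-BitLockerVolume -MountPoint $env:SystemDrive -ErrorAction Stop
        "$($vol.ProtectionStatus) ($($vol.VolumeStatus))"
    } catch {
        'unknown (BitLocker module unavailable or session not elevated)'
    }
}

# --- report ---
$dep = Get-DepStatus
$pf  = Get-PagefileNames
Write-Host ("Limited user session : {0}" -f (Test-LimitedUser))
Write-Host ("DEP hardware NX/XD   : {0}" -f $dep.HardwareNxAvailable)
Write-Host ("DEP policy           : {0} (AlwaysOn = all programs and services)" -f $dep.Policy)
Write-Host ("%TEMP% EFS-encrypted : {0}" -f (Test-EfsEncrypted $env:TEMP))
Write-Host ("Documents EFS-enc.   : {0}" -f (Test-EfsEncrypted ([Environment]::GetFolderPath('MyDocuments'))))
Write-Host ("Pagefile(s)          : {0}" -f $(if ($pf.Count) { $pf -join ', ' } else { 'none' }))
Write-Host ("System drive FDE     : {0}" -f (Get-SystemDriveFde))
```

If the audit shows %TEMP% unencrypted, `cipher /e /s:"$env:TEMP"` turns EFS on for that folder tree; if DEP reports OptIn, `bcdedit /set nx AlwaysOn` followed by a reboot gives the "all programs and services" setting the post recommends, provided the hardware NX line reports True. Both remediation commands need an elevated prompt, which is exactly why a limited daily-use account plus a separate admin account is worth the small inconvenience.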

This is an issue which has all to do with your HDD life limit as a hardware part. As long as your drive is spinning right and your system can read all data from it, then you can work with 100% efficiency.

Since we are now aware that as hardware it will certainly fail at some point in the future, backup is another case that we need to examine. Backup should be made in a scheduled way so as to have 90-95% data integrity and availability.
Confidentiality, however, should be achieved in a more physical way, like for instance storing them in a remote place (e.g. a safe box or bank deposit box) according to your data value. If you are a simple user, I think that a small locked cabinet would be enough to store any CD/DVD/USB sticks you might have to safe-keep your files.
Keep in mind also that there are 2-4GB USB sticks out there with a built-in encryption module and biometric devices on board. So you might feel a bit safer with them.